Monday, 28 November 2016

POISONTAP: A NEW INTRUDER ON THE BLOCK. WATCH OUT!



The essence of creating a hack tool is to explore and exploit, right? This one is open source... SO #GetYourFreakOn HACKERS.

Security researcher Samy Kamkar recently managed to take down a locked, password-protected computer armed with only a US$5 Raspberry Pi. The low-tech cookie-siphoning intrusion is one of Kamkar's simplest hacks ever.
Kamkar's latest hack, PoisonTap, uses a Raspberry Pi Zero, a micro SD card, and a micro USB cable or other USB emulator devices, including USB Armory or LAN Turtle.
Windows, OS X and Linux recognize PoisonTap as an Ethernet device, load it as a low-priority network device, and perform a DHCP request across it, even if the computer is locked or password-protected.
PoisonTap provides the computer with an IP address. However, the DHCP response tells the machine that the entire IPv4 space is part of PoisonTap's local network, rather than a small subnet.
If a Web browser is running in the background, one of the open pages will perform an HTTP request in the background. PoisonTap responds with a spoof, returning its own address, and the HTTP request hits the PoisonTap Web server.
When PoisonTap's Node.js Web server gets the request, its response is interpreted as HTML or JavaScript.
The attacker is then able to hijack all Internet traffic from the machine and siphon and store HTTP cookies from the Web browser or websites.
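A defensive check for the behaviour described above, as an added example that is not from the original article or from the PoisonTap project: it scans Linux `ip -4 route show` output for interfaces that claim a very large part of the IPv4 space as directly attached. The sample routes, the interface names and the /8 threshold are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample of `ip -4 route show` output; not captured from a real host.
SAMPLE_ROUTES = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600
0.0.0.0/1 dev usb0 scope link
128.0.0.0/1 dev usb0 scope link
10.0.0.0/8 via 192.168.1.254 dev wlan0
"""

# Assumption: an ordinary LAN is never on-link for more than a /8.
MIN_ONLINK_PREFIX = 8


def _value_after(tokens, key):
    """Return the token following `key`, or None if `key` is absent."""
    return tokens[tokens.index(key) + 1] if key in tokens[:-1] else None


def parse_route(line):
    """Return (network, device, gateway) for a unicast route line, else None."""
    tokens = line.split()
    if not tokens:
        return None
    dest = "0.0.0.0/0" if tokens[0] == "default" else tokens[0]
    try:
        network = ipaddress.ip_network(dest, strict=False)
    except ValueError:
        return None  # e.g. "unreachable ..." or "blackhole ..." entries
    return network, _value_after(tokens, "dev"), _value_after(tokens, "via")


def suspicious_onlink_routes(route_text, min_prefix=MIN_ONLINK_PREFIX):
    """List (device, network, address_count) for huge routes with no gateway."""
    findings = []
    for line in route_text.splitlines():
        parsed = parse_route(line)
        if parsed is None:
            continue
        network, dev, gateway = parsed
        # No "via" means the kernel treats the whole range as directly attached.
        if gateway is None and network.prefixlen < min_prefix:
            findings.append((dev, str(network), network.num_addresses))
    return findings


if __name__ == "__main__":
    for dev, net, count in suspicious_onlink_routes(SAMPLE_ROUTES):
        print(f"review {dev}: claims {net} ({count} addresses) as on-link")
```

Point-to-point VPN interfaces can legitimately install such routes, so a hit is a prompt to check which device owns the interface, not proof of compromise.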
"The PoisonTap project is said to be an extremely clever and creative attack that can have serious consequences"
The code is open source (public), and hardware required to run it is only a few dollars, which increases the risk to average users. "However, it still takes some effort for an attacker to steal the user's data."
For the device to work, the attacker needs physical access to the machine while a Web browser is running in the background.
The risk is lower when physical access to a machine is restricted, and higher when a machine is in a public place, where anyone potentially has access to it.
It might be easier to build a solution to the hack, given that Kamkar's attack was conducted over an open source language, suggested a Symantec researcher. "If someone slips a secret backdoor into an open source project, chances are someone will find it quickly. Often open source is quicker to address vulnerabilities as an open source community can be very large."
In addition, if someone creates a tool and the source code is publicly available, anyone can read the code and develop proper protection for the future, the Symantec researcher pointed out.
"It's certainly very creative work, and it shows just how many attack vectors exist that we've yet to really consider," remarked Troy Hunt, Microsoft MVP-Developer Security.
"However, it also requires physical access -- and once you get to that point, there's a lot of avenues available to an attacker."
The use of Hypertext Transfer Protocol Secure (HTTPS) could cripple this particular attack.

Source: TechNewsWorld.com
